It consists of two parts:

1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
   on behalf of the user by means of specific tokens

Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829

As in documentation.

Fixes: #58180.

Also remove the requirement between domain_blacklist_enabled and domain_blacklist.

User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.

Jeremy Jackson authored 5 years ago and Mayra Cabrera committed 5 years ago

This introduces several changes, but these are all just ported from the
EE project.

`allow_local_requests_for_hooks_and_services` was renamed to
`allow_local_requests_for_web_hooks_and_services`.

This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.

Add method to store session ids by ip

Add new specs for storing session ids

Add cleaning up records after login

Add retrieving anonymous sessions

Add login recaptcha setting

Add new setting to sessions controller

Add conditions for showing captcha

Add sessions controller specs

Add admin settings specs for login protection

Add new settings to api

Add stub to devise spec

Add new translation key

Add cr remarks

Rename class call

Add cr remarks

Change if-clause for consistency

Add cr remarks

Add code review remarks

Refactor AnonymousSession class

Add changelog entry

Move AnonymousSession class to lib

Move store unauthenticated sessions to sessions controller

Move link to recaptcha info

Regenerate text file

Improve copy on the spam page

Change action filter for storing anonymous sessions

Fix rubocop offences

Add code review remarks

Reuben Pereira authored 5 years ago and Mayra Cabrera committed 5 years ago

Signed-off-by: Istvan szalai <istvan.szalai@savoirfairelinux.com>

The /admin panel will now always return an uncached
application setting to ensure it always has the most
current info.

Changes migration and all other places the attribute is used

Jon Kolb authored 5 years ago and Heinrich Lee Yu committed 5 years ago

Adds an instance setting to limit display of time tracking
values to hours only